Ask stories

Curious to hear from anyone actively working with COBOL/mainframes. Do you see LLMs as a threat to your job security, or the opposite?

I feel that the mass of code that actually runs the economy is remarkably untouched by AI coding agents.

How can i be informed of YC events to attend?

Hello HN! I am putting together a community-maintained directory of personal websites at https://hnpwd.github.io/. More details about the project can be found in the README at https://github.com/hnpwd/hnpwd#readme.

As you can see, the directory currently has only a handful of entries. I need your help to grow it. If you have a personal website, I would be glad if you shared it here. If your website is hosted on a web space where you have full control over its design and content, and if it has been well received in past HN discussions, I might add it to the directory. Just drop a link in the comments. Please let me know if you do not want your website to be included in the directory.

Also, I intend this to be a community maintained resource, so if you would like to join the GitHub project as a maintainer, please let me know either here or via the IRC link in the README.

By the way, see also 'Ask HN: Could you share your personal blog here?' - https://news.ycombinator.com/item?id=36575081 - July 2023 - (1014 points, 1940 comments). In this post, the scope is not restricted to blogs though. Any personal website is welcome, whether it is a blog, digital garden, personal wiki or something else entirely.

UPDATE: It is going to take a while to go through all the submissions and add them. If you'd like to help with the process, please send a PR directly to this project: https://github.com/hnpwd/hnpwd.

Considering there is very little moat left in software and big companies can copy your product in no time?

To make a preface first: I am currently located in Belgrade, Serbia and I am trying to see where I could find potential investor for the project I am working on.

I know the places such as OpenVC https://www.openvc.app/, but I do not know anyone that had any experience with it. I am really not sure if anyone has invested in projects from Serbia outside ElevenFund, SouthCentral Ventures and few more.

For someone wondering why not to look for local investments: Aside from the current political turmoil, the investment here is not that encouraging - you give away a large percent of equity for the investment that is not enough to cover yearly costs in some cases.

About the project: I come from the HR field, and in current climate finding job is really hard. A lot of candidates apply, and at the same time a lot of positions are saturated with applications, that most of the time are not even viewed. This in turn makes finding job even harder.

The traditional ATS model feels like black hole where you just throw your resume and hope for the best. With the addition of AI to analyze and pick resumes it gets even worse. Additionally, a lot of them are saturated with features which most people either don't use or know how to use at all.

Getting rejected from one company shouldn't be the end of the road when searching for job, it should be just the start until it is finished and concludes with hiring somewhere.

The idea itself is to connect applicants (with their consent) that have been rejected, with other companies that are looking for same profiles. This cuts Time To Hire saving the costs for company on the one side, and at the same time it cuts the time for people to find a job, since the system matches them with potential companies in a similar way like dating apps. It can also reduce reliance on hiring agencies as time goes by.

As more people use the ATS the database will get bigger, thus the quality of the matches will get better. The AI here can be used for better matchmaking and building better recommendation system, while making sure that there is human behind the feels to check every match, resume and so on.

I have already built an MVP that shows how it would function, and am currently in the process of working out with friend in making it to be in usable state for others. I've researched PMF (Product Market Fit) and how it fits in current market. As for the monetization I have additional ideas aside for the typical subscription payed per seat/package.

The product itself is B2B oriented with both the individuals and companies being the beneficiaries of it.

I am open to hearing more on how should I proceed in this regards and where to go next really because finding investment from Serbia seems like looking to find a needle in a haystack.

I am curious how people are doing RAG locally with minimal dependencies for internal code or complex documents?

Are you using a vector database, some type of semantic search, a knowledge graph, a hypergraph?

Curious what tools people are using that aren't GenAI/LLM-based. Things that have actually changed how you work, not just minor conveniences.

Gitmore (https://gitmore.io)

One feature I built that's been useful: a Slack bot that queries your Git history.

Connect your repos. Add the bot to Slack. Ask: - "What shipped last week?" - "Who's working on the API?" - "Which PRs are stuck?"

The bot pulls from commit messages and PR descriptions across GitHub, GitLab, and Bitbucket. Answers show up in Slack – no GitHub login needed.

Helpful for non-technical team members who need visibility but don't use GitHub.

*Security:*

Webhooks only. We store metadata – commit messages, PR descriptions, authors, timestamps. Never source code.

- Encrypted tokens (Fernet) - Webhook signature verification - 2FA support

Countless voiceless people sit alone every day and have no one to talk to, people of all ages, who don't feel that they can join any local groups. So they sit on social media all day when they're not at work or school. How can we solve this?

Doesn't matter what domain and how big or small.

Way back when computers were a scarce resource and we had to share them. Multiple local user accounts were used for this purpose. Now I find that I never have multiple local logins (the username and password you use to access your physical hardware) except for my personal login and sometimes and admin login. Curious what others do and in what context. It makes tons of sense for a dedicated device in a work context. At home do you have a different account for say your kid? Bonus points: multiple users on a phone or tablet. I had to do that one time on Android it was interesting.

I was doubting the potential of LLMs to produce working fullstack applications.

But now I have been proven wrong.

As a person in tech, how are you bullet proofing yourself for the post AI tools?

Besides obviously learning the new AI tooling.

I am a big fan of Claude Opus as it has been very good at understanding feature requests and generally staying consistent with my codebase (completely written from scratch using Opus).

I've noticed recently that when I am using Opus at night (Eastern US), I am seeing it go down extreme rabbit holes on the same types of requests I am putting through on a regular basis. It is more likely to undertake refactors that break the code and then iterates on those errors in a sort of spiral. A request that would normally take 3-4 minutes will turn into a 10 minute adventure before I revert the changes, call out the mistake, and try again. It will happily admit the mistake, but the pattern seems to be consistent.

I haven't performed a like for like test and that would be interesting, but has anyone else noticed the same?

I had the username @switzerland since 20.03.2006. Swiss tourism had another username since 17.10.2006. Now recently google gave my username away to swiss tourism without any notification. Their other username was fine for literally 20 years.

Worse, the app still showed my username for a long time meanwhile youtube.com/@Switzerland already showed that of swiss tourism (Schweiz Tourismus) and I was not aware of that. Hence, I lost it some months ago.

Why do I tell you? You might loose your username and you aren't even aware of it.

Background: I manage an ecommerce website. Recent bot traffic is up. Most traffic can be traced to one or two IP addresses with hundreds of requests per day. These ip addresses don't have DNS records for reverse lookup, and when I map the requests in cloudflare, one address shows up as requesting from different data centers all over the US. What is going on here? Source IP example 173 . 245 . 58 . 0

Chicago, United States (ORD)

340 requests

San Jose, United States (SJC)

330 requests

Los Angeles, United States (LAX)

310 requests

Atlanta, United States (ATL)

310 requests

Dallas-Fort Worth, United States (DFW)

290 requests

Newark, United States (EWR)

280 requests

Washington, United States (IAD)

230 requests

Miami, United States (MIA)

210 requests

Boston, United States (BOS)

140 requests

Singapore, Singapore (SIN)

130 requests

Thanks for ideas.

For example, let's say it came out that AI corps were, say:

- deliberately poisoning system prompts to obstruct development of AI-adjacent, possibly competitive tools, or

- 'fixing the game' with secret system prompts to ensure you endlessly circled the correct solution while never actually solving it, a kind of "Netflix-ization" of "always another episode" payoff withholding, to get you on the hook for more tokens, slot machine style.

These are just two random examples that occurred to me (likely out of some sci-fi dystopian novella floating in the aether that i picked up on).

But what do you think the bad news is gonna be 1 year from now? What is the worst they are going to be discovered doing?

Or will it be all good? Let's hope so!

I left my job that I got straight out of college few months ago. Why? The main reason was I had conflict with teammate in standup meeting. Used foul words. I later apologized in front of my entire teammates and settled it down. But still I resigned later on because I felt being let go. For example: My department was changed and later I was deemed unfit for that department as I could not learn “what they wanted” in two weeks. So my manager (first department) would tell me “Since you are unfit for this role, how do we take you back?” He did take us back but promoted juniors and kept me in the first level support.

To be honest I did not like that job due to the following reasons (since the start)

The work was menial.

The pay was horrible.

The blame was most because we were the lowest hanging fruits in entire company.

I wanted to prepare for government computer engineer job.

I could not see myself in that role for long.

But the reality was I could not get crack any other private sector jobs in those two plus years. I landed couple of interviews but could not get through interviews. That was when I decided government would be a better fit for my nature.

If I keep the gap visible in my resume, I will receive many questions(I might not be screened at all to be honest).

Why could not you seek a different job instead while having your existing job?

Why could not you seek a different department in your previous company itself?

I was preparing for government job since I left my job.

So I am looking for ideas to cover that gap.

Curious to hear arguments for and against this (compared to native) along with examples. Apps where the core functionality is camera-based.

Hi folks! I have huge success on a prototype of this approach:

- Store all data as json

- App loads: load full json on a client

- Something changes by user - change json locally and every 10 seconds save whole json to backend as a single json file

- also every 10 seconds load the updated json from backend to client.

Yes, I know, parallel access problems, lack of schema, lack of db, using file to store. But how much it makes life easier and speed ups development at start! I am in this over 20 years, and I like dumb stupid solutions applied properly. Duct taping forever!

I have been using Claude Code for DevOps style tasks like SSHing into servers, grepping logs, inspecting files, and querying databases

Overall it's been great. However, I find myself having to review every single command, a lot of which are repetitive. It still saves me a ton of time, but it's quickly becoming a bit tedious

I wish I could give the agent some more autonomy. Like giving it a list of pre-approved commands or actions that it is allowed to run over ssh

For example:

    OK: ls, grep, cat, tail
    Not OK: rm, mv, chmod, etc
    OK: SELECT queries
    Not OK: INSERT, DELETE, DROP, TRUNCATE

What setups have actually worked for you, and where do you draw the line between autonomy and risk?

Browsing for an obscure piece of electronics, I ran across a Poshmark listing that had it for considerably cheaper than anywhere else.

I didn't have an account yet, so I signed up with Google SSO and was able to place the order.

About an hour later I got an email as if I was the seller telling me to click this link to verify my account for my funds to be deposited.

Obviously phishing. Upon closer inspection, I had two earlier that were properly filtered to spam that were about 30 minutes after the order.

So the question here is what part of their system is so fundamentally broken that scammers instantly get my email? Does the seller get that upon me making that purchase?

And if that's not the case, then that means somebody has completely compromised their system.

In many currently active threads, members of the community are alluding to major productivity gains with more recent LLM models. I think it would be illuminating for all of us to hear what sorts of problem domains and lines of business these successes have occurred in.

A good example would be: "My team used Claude Code Opus 4.5 to build and ship an iOS fitness app that now has 10k paying users." This shows that the results of your process found paying customers.

Less helpful example would be: "My team is closing tickets faster than ever" or "I finally finished the novel I have been working on and my friends say it's great!" These are less interesting because they do not give us any insight into the market response.

I’m working on a project called Injectless — a browser extension that allows websites to explicitly declare which data they are allowed to inject into external sites, fully controlled by the user.

Note: This post was translated to English using AI. My native language is Spanish.

The Problem:

Users of SaaS apps (accounting, project management, etc.) often need to repeatedly copy data into external forms (government portals, client systems, etc.). Today this is a tedious, fully manual process.

My Current Solution

A browser extension where:

- Websites expose an injectless.json declaring which fields they can fill and on which domains

- The user explicitly installs the integration (one-click opt-in)

- When visiting an allowed site, the extension offers to “paste” each field

The Doubt

A friend suggested that instead of a browser extension, this should be a native app (similar to KeePassXC or Espanso) that:

- Works in any browser without installing multiple extensions

- Pastes sequences of fields using TAB (simpler, more universal)

- Works even outside the browser

- Avoids extension permissions, CSP issues, Shadow DOM, etc.

My Concerns About a Native App

- Mobile: Browser extensions do work on mobile (Safari iOS, Firefox Android). Native apps would face heavy sandboxing restrictions

- UX: The extension popup can show exactly which fields are available for the current page. A native app would be more “blind”

- Context: The extension knows which page you’re on and can automatically validate allowed domains

The Question

What seems more valuable / practical?

A) Browser extension (current approach) — more context, mobile support, clearer UX

B) Native app like Espanso/KeePassXC — more universal, single install, simpler

C) Both — native app as a base + optional extension as a companion for better UX

Has anyone worked on something similar?

What trade-offs might I be missing?

Thanks!

I’m looking for perspectives from people who have actually built or operated long-lived enterprise software.

Context (kept intentionally generic):

We have a mature, revenue-generating enterprise application that’s been in production for years.

Semi-technical leadership (with no engineering background) is aggressively considering spinning up a new product, built using LLM-driven tools (AI code generation, rapid prototyping, etc.), with the belief that:

modern AI tooling dramatically reduces build cost, LLMs are going to improve in the future

the new system is an attempt to replicate most of what an established competitor built over ~10 years

customers can optionally migrate over time (old system remains supported)

software-only product that aims to replace all of the current application's operational complexity with a goal to make it resellable product.

early vibe coded demos created with LLM tools are a good proxy for eventual production readiness

The pitch to ownership is that this can be done much faster and cheaper than historically required, largely because “AI changes the economics of building software.”

I’m not anti-LLM — I use them daily and see real productivity gains. My concern is more structural:

LLMs seem great at accelerating scaffolding and iteration, but unclear how much they reduce:

operational complexity

data correctness issues

migration risk

long-tail customer edge cases

support and accountability costs

Demos look convincing, but they don’t surface failure modes

It feels like we’re comparing the end state of a mature competitor to the initial build cost of a greenfield system

I’m trying to sanity-check my thinking.

Questions for the community:

Have you seen LLM-first rebuilds of enterprise products succeed in practice?

Where does the “cheap and fast” narrative usually break down?

Does AI materially change the long-term cost curve, or mostly the early velocity?

If you were advising non-technical owners, what risks would you insist they explicitly acknowledge?

Is there a principled way to argue for or against this strategy without sounding like “the legacy pessimist”?

I’m especially interested in answers from:

people who have owned production systems at scale

founders who attempted full or partial rewrites

engineers who joined AI-first greenfield efforts after demos were already sold

Appreciate any real-world experiences, success stories, or cautionary tales.

Curious what items under $100 have made your life better or any meaningful impact.

Revival of this [thread](https://news.ycombinator.com/item?id=23363396) from 6 years ago. Thought it would be fun to have new answers to this :)

I've got an email from Linkedin:

> ## colleagues from your company already solved LinkedIn puzzle games

Are you f%%n serious, Linkedin? This is a freaking spam from "Linkedin games".

The question is, how to stop it not like unsubscribe, but how to make it painful for them to do spam us?

Why am I seeing this on so many sites recently (in FireFox)? I've seen it half a dozen times in the past month or so, had never noticed it before then.

"You can't use speech synthesis because the speech dispatcher library is missing"

There's a 'learn more' link, but it just talks about getting speech synthesis working in my browser. Searching for the error string returns similar discussions. I don't want to do that (especially if it's some new marketing fad). Obviously it's speech synthesis but *what is it saying?*

The most recent instance was a dell.com product page posted here on HN:

https://www.dell.com/en-us/shop/dell-ultrasharp-52-thunderbolt-hub-monitor-u5226kw/apd/210-bthw/monitors-monitor-accessories

As lots of people on HN will have visited that link I thought somebody might be able to tell me what they heard?

I ran into a practical limitation while working on ML feature engineering and multi-omics data.

At some point, the problem stops being “how many rows” and becomes “how many columns”. Thousands, then tens of thousands, sometimes more.

What I observed in practice:

- Standard SQL databases usually cap out around ~1,000–1,600 columns. - Columnar formats like Parquet can handle width, but typically require Spark or Python pipelines. - OLAP engines are fast, but tend to assume relatively narrow schemas. - Feature stores often work around this by exploding data into joins or multiple tables.

At extreme width, metadata handling, query planning, and even SQL parsing become bottlenecks.

I experimented with a different approach: - no joins - no transactions - columns distributed instead of rows - SELECT as the primary operation

With this design, it’s possible to run native SQL selects on tables with hundreds of thousands to millions of columns, with predictable (sub-second) latency when accessing a subset of columns.

On a small cluster (2 servers, AMD EPYC, 128 GB RAM each), rough numbers look like: - creating a 1M-column table: ~6 minutes - inserting a single column with 1M values: ~2 seconds - selecting ~60 columns over ~5,000 rows: ~1 second

I’m curious how others here approach ultra-wide datasets. Have you seen architectures that work cleanly at this width without resorting to heavy ETL or complex joins?

Inspired by the post that's on the front page as I write this [1] I'm interested to hear about who's using DuckDB in production and how.

We have a tool live that uses it and I'm quite happy so I'm both looking for interesting use cases from others but also to be honest I'm reasonably sure I've just identified today that DuckDB is leaking memory quite seriously [2] so I'm curious to hear if other people have noticed this or if it's maybe something that's not as relevant to others since people might be running DuckDB pipelines in ephemeral envs like lambdas etc. where a memory leak might not matter as much.

[1] https://news.ycombinator.com/item?id=46645176

[2] https://github.com/duckdb/duckdb/issues/20569

I'm moreso referring to the educational value you received. Colleges increasingly have the reputation of being run like factories: less concern for the quality of their lecturers, and more for augmenting admissions numbers, even if it means dropping standards. To what extent is the knowledge you gained of real value to you? Were you well prepared to enter your field? Do you feel your degree is more than a guarantee to employers that you're not a complete bozo?

I think it was mostly worth it. Some upper level classes were half baked, with a few faculty members of dubious competency. But, I did learn enough to apply myself to my chosen field.